merdeka

Terminal services connect from Win2k client using port 90 or 21

Hi,

I have a client running Win2k machines on a large company network that only allows connecting via the Internet through ports 80 and 21 and their local IT department cannot change this restriction.  I want them to be able to connect to my SBS 2003, which is on a separate network, via Terminal Services.

They can get to the Remote Web Workplace on my server and see the server name but when they click the Connect button they get an error message.  Their IT department says it is because my terminal server uses port 3389.  I have tested connecting to my SBS server using a Win2k PC not on their network and it works fine and they have done the same and say it works fine.

Is there a way to get around this problem?

Thanks,
 
Jeffrey Kane - TechSoEasy

Remote Web Workplace WOULD be the way to go in this situation.  It uses port 443 for the outbound, which I'm sure they allow (because that's the SSL port for HTTP - 80).

It would be very helpful though if you provided exactly what error message displays, because describing the problem as "they get an error message" doesn't give us much to go on.

Jeff
TechSoEasy

ASKER

Hi Jeff,

I realize the error message should have been included but I can't reproduce it here so I have to wait until Monday to get it from them.  I wanted them to be able to connect to my companyweb but they couldn't get past SSL port 444 (I don't know if this is relevant).  I'll try to get the error message for you next week.

Thanks for the quick reply.

John
Actually that is true... if you connect to Companyweb you'll need to be able to have outbound access through 444 and connecting to remote desktops will require outbound access through port 4125 (not 3389 as the IT department suspected, because SBS uses an RDP proxy).

So... If those can't be made available... I'd suggest that you look into something like www.logmein.com which will run all traffic through 80 and 443.

Jeff
TechSoEasy
SOLUTION
manicsquirrel

Hmmm... that's a great idea... one other thought.  Port 4125 is used for Remote Web Workplace.  That port as well can be modified to use port 21 instead.  The only problem I see with this is that it would also need port 444.  Generally if port 21 is allowed outbound access though, port 22 is as well since this would be the SSH port (equal to what 443 is to port 80).

Worth looking at.

Jeff
TechSoEasy
manicsquirrel

Unfortunately, RRAS does not let you change the default port settings for HTTP, HTTPS, or FTP.  I found a hack once that would enable the textbox so you could change it, but I can't find it now.

I don't think port 444 is necessary unless you are accessing the internal business website, i.e. the sharepoint site is made available.  If you go straight to /exchange or /remote it doesn't use 444 does it?

Yeah, it does... I didn't think so, but after reading his request yesterday wanting users to be able to access the companyweb I tested it.  You can easily see what's happening by running a netstat command while using RWW.

Jeff
TechSoEasy
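
The netstat check mentioned above, as an added example that is not part of the original thread: it reads Windows `netstat -an` output captured on the client during an RWW session and reports which of the ports named in this discussion completed a TCP handshake and which are stuck in `SYN_SENT`. The sample output, the server address 203.0.113.10 and the function names are constructed for illustration; the port roles are the ones stated by the posters.

```python
# Port roles as stated in this thread, not an official Microsoft list.
RWW_PORTS = {
    443: "Remote Web Workplace (HTTPS)",
    444: "Companyweb over SSL",
    4125: "RWW remote desktop proxy",
}
# States that can only be reached after the TCP handshake completed.
CONNECTED = {"ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT"}

# Constructed sample of Windows `netstat -an` output; all addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.1.2.30:1061         203.0.113.10:443       ESTABLISHED
  TCP    10.1.2.30:1064         203.0.113.10:444       SYN_SENT
  TCP    10.1.2.30:1066         203.0.113.10:4125      SYN_SENT
  TCP    10.1.2.30:1070         198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def parse_netstat(text):
    """Yield (remote_ip, remote_port, state) for every TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        ip, _, port = fields[2].rpartition(":")
        if port.isdigit():
            yield ip, int(port), fields[3]

def rww_status(text, server_ip):
    """Map each RWW port seen towards server_ip to a reachability verdict."""
    status = {}
    for ip, port, state in parse_netstat(text):
        if ip != server_ip or port not in RWW_PORTS:
            continue
        if state in CONNECTED:
            status[port] = "connected"
        elif state == "SYN_SENT":
            # SYN sent, nothing came back: typical of an egress filter dropping it.
            status.setdefault(port, "no reply, likely filtered")
    return status

if __name__ == "__main__":
    for port, verdict in sorted(rww_status(SAMPLE, "203.0.113.10").items()):
        print(port, RWW_PORTS[port], "->", verdict)
```

A port that never appears in the result was not attempted during the capture, so run netstat while the Connect button or the Companyweb link is actually being used.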

ASKER

Hi,

We use FTP all of the time so I don't want to give that up. Also, at first at least, I would like the program they run to be on my server running through terminal server.

I tried LogMeIn and it works fine but it controls the desktop of the server rather than start a terminal server session.  I don't think this will work for me because I would like to have three users running my software on the server concurrently so, obviously, they can't all share the same desktop.

Thanks,
John

Well, wait a minute... you can't run Terminal Services in application mode on an SBS 2003!  You would need a separate Terminal Server.

Jeff
TechSoEasy
I suggest either installing a new 2003 server as an RDP app server or looking at WinConnectXP at ThinSoftInc.com. Combine ManicSquirrel's solution with what ThinSoft has to offer.

ASKER

Hi,

If necessary I will get another server but I have run this server in application mode (I assume what you mean is running an application remotely on the server) however I have done this using the Admin account.  I don't know if it will work using a regular TS licence but I was told that it will.  Microsoft recommends not doing it for security reasons.

I don't know what the security risks are or if there are other reasons (not that security is not a major concern).

I will check out the ThinSoft possibility.

Thanks,
John
SBS won't run application mode. It's hardwired not to. The only option would be to put users in the Domain Admins group and then you'd still be limited to the two sessions allowed. I've never heard of anyone getting around it.
Well, what "Application Mode" means for Terminal Services is that you can install applications which can then be used simultaneously by multiple users, each logging in to a separate desktop on the same server.  SBS does NOT allow this.  Period.

The administrative logins to SBS are only able to administer the server.   You definitely don't want to provide Administrator privileges.

Can you really be serious about security not being a major concern?  How much time are you spending just setting this up?  Do you want just anyone to be able to hack into your server and not only access what's there, but to majorly screw it up?

Be cautious of the WinConnectXP.  While it will provide multiple remote desktops on a WindowsXP machine, each instance requires a separate Windows XP license and they don't make that clear in their literature.  Also, many applications will not run under WinConnectXP.

Jeff
TechSoEasy

ASKER

Hi Jeff,

I said security is a major concern and I have had a couple of non-related security problems so I want to be cautious.  

I am not going to provide Admin privileges to anybody, I just tried it out to see if it works.  I can run the same program (my program that I want this company's users to use) in two different workspaces by logging in twice as administrator so I assume that when I buy terminal server licences I can do the same using the restricted privileges of a typical user.

What I am trying to do now is find something that works and then if I need more hardware or whatever I will get it but I don't want to buy it and then discover that I have just wasted time and money.

Assuming Shack-Daddy is correct I will have to get another server but what I have read is that I will need another SBS so I am confused as to how a second SBS will help if the first one won't run in application mode unless there is a way to setup SBS to run in application mode and the other to run in server mode.

Tomorrow I will check the ThinSoft.  

Thanks for your comments,
John  
You can't use another SBS. Only one can exist per domain. But you can add another 2003 server as a member of the domain and even make it a DC if you want (I wouldn't). You would then turn on application mode on the new server, put in the codes for a 5-TS CAL pack, and install your app. Then your users could log onto it with their existing domain accounts (even via RWW) and run the app.
ASKER CERTIFIED SOLUTION

ASKER

Hi Jeff,

OK I can see you are right from the attached article.  

I had asked this question of the computer software dealer where I intended to buy the Terminal Server licences and I was told there was no problem and if I wanted to I could run Terminal Server on my SBS or install another SBS and run TS on that.  He actually suggested that I not bother with a second server even though I knew MS recommended it (maybe more than recommended it).

I apologize for my ignorance.

I assume what you are saying is that adding another server is a different world and even if I could run this app on my server remotely using my Admin account from this company's network PC it wouldn't advance my cause.

Thanks,
John    

Well, it's a good thing that you didn't listen to him about the second server either!!!  Because you can't add a second SBS to your network... there can only be ONE SBS.  The additional server would have to be a Windows Server 2003 standard edition.

And I'm sorry, but I totally don't understand your last comment about "a different world".

Jeff
TechSoEasy

ASKER

Hi Jeff,

What I meant is there is no point in seeing if I can run the program on my SBS because whatever we find that does work may not be applicable to the SBS 2003 + Server 2003 configuration.

John
That is true, basically.  I wouldn't install it on your SBS as a test, if that's what you are saying.  Unless you create a LAB instance of your SBS (one that is not your production server).

Jeff
TechSoEasy

ASKER

Hi Jeff,

I wasn't going to install anything on the SBS (after your comment about SBS being unable to support Terminal Server).  

I wonder if I can run the software on my SBS from the other company's PC if that would be a worthwhile experiment in determining if I could run it on a new Server 2003.  In other words, will this get me over one hurdle on my way to getting the whole thing working or is the situation with the new Server 2003 so different that experimenting with the SBS is a waste of time?

Thanks,
John
What is it that you are wanting to run that your clients need access to it as well?  I don't really understand the situation.  I would never let a client into my network.  What are you trying to accomplish?
Does the software have to run on an actual server operating system?  Or can it run on XP acting as a server for just that program?

Jeff
TechSoEasy
I'm sorry, we are getting way off on the original question.  Let me redirect.  Can you determine if port 8080 or 8443 outgoing is blocked by your customer's network?  These are common web ports used for remote web management of some network devices.  It might also be worth the effort to ask them for a list of open ports and available SSL tunnels that they support.  Then we could decide what port number to change 444 to and then you could continue to work seamlessly and so could your customer.

Otherwise, I believe my first comment answers your question explicitly.
Well, I stated that we got way off topic a couple of days ago and thought we were really done with the original issue.  (In which case this question should be closed).

Jeff
TechSoEasy

ASKER

Hi Manicsquirrel and Jeff,

It seems like the question has become what is the question.  I will check on the ports as requested.

The client can run our database on their server and this would normally solve the problem but we are still doing some development work.  We would like to have more control over the database so we can be more responsive to their needs also some of their users will be in remote locations part time and some full time.  The programmers are also in remote locations.

Thanks,
John